< ciso brief />

All news with #data poisoning tag

14 articles

Poisoned Truth: The Quiet Threat to Enterprise AI Security

⚠️ Enterprise AI deployments face a quiet but serious integrity risk when models learn or retrieve false information: data poisoning and widespread data pollution can make LLMs produce plausible but incorrect outputs. This threat spans training datasets, RAG and retrieval layers, agent memory, and internal knowledge bases — and often originates from stale, conflicting, or poorly governed sources rather than deliberate attacks. Security leaders are urged to map all context sources, treat AI inputs as a supply chain, tighten data hygiene, and assign clear governance to identify and remediate corrupted truth.

CISOs Confront Widening AI Visibility and Risk Gaps

🔍 CISOs are scrambling to close visibility gaps as organizations rapidly adopt AI, confronting risks such as prompt injection, data poisoning, shadow AI, and agentic behaviors. Security leaders report limited insight into where AI is used and how models behave, forcing them to reposition existing tools, adopt new monitoring solutions, and formalize governance. While traditional controls like DLP and SIEM can mitigate many issues, experts warn no single solution is fully mature, so leaders must balance guardrails, emerging observability tools, and business velocity.

Monthly Security Roundup — February 2026 Highlights

🔒 In February 2026, ESET Chief Security Evangelist Tony Anscombe highlights a series of notable incidents: widespread misuse of commercial generative AI, a novel Android malware campaign, increased ATM jackpotting, and destructive attacks against critical infrastructure. Researchers tied more than 600 compromised FortiGate devices in 55 countries to exposed management ports and weak credentials, while ESET documented PromptSpy, the first known Android malware abusing generative AI for context-aware UI manipulation. The FBI warned US ATM operators about a rise in jackpotting, and ESET analyzed a DynoWiper case targeting an energy company. Businesses are urged to strengthen access controls, enforce MFA, close exposed management ports, and improve monitoring for GenAI-related abuse.

Poisoning AI Training Data by Publishing Fake Content

⚠️ A short experiment demonstrates how easy it is to poison AI outputs by publishing a single fabricated webpage. The author wrote an entirely false article titled "The best tech journalists at eating hot dogs," inventing events and rankings; within 24 hours Google Gemini and ChatGPT had incorporated the falsehoods, while Claude resisted. The incident underscores the fragility of trust in AI-derived answers.

Microsoft: 'Summarize with AI' Buttons Skew Recommendations

⚠️ Microsoft warns that legitimate companies are embedding hidden instructions in 'Summarize with AI' buttons to bias chatbot memory and recommendations. The Defender Security Research Team calls this AI Recommendation Poisoning, finding more than 50 distinct prompts from 31 firms across 14 industries that attempt to make assistants 'remember' and favor a source in future conversations. The technique uses prefilled URL parameters and turnkey tools like CiteMET, and Microsoft advises users and organizations to audit assistant memory, avoid untrusted AI links, hover over AI buttons, and hunt for suspicious prompt keywords.

Democratization of AI and the Rising Data Poisoning Threat

⚠️ Recent research shows that as few as 250 fabricated documents or images can measurably alter large language model behavior, making data poisoning accessible to non-experts. Online communities and influencers are already seeding false content that may be ingested during public-model training or fine-tuning. Organizations should maintain a clean 'gold' model, monitor input streams for anomalous patterns, and perform regular adversarial testing to detect drift and backdoors before deployment.

The AI Fix #84: Hungry ghost, data poisoning, Grok

🤖 In episode 84 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a series of recent AI developments that raise practical and philosophical questions. They discuss reports that Grok will be integrated into Pentagon networks, a campaign by insiders to poison training data, and research showing small amounts of tainted data can sway model behavior. The episode also covers Google removing AI health overviews after risky outputs, findings that asking a model the same question twice can improve answers, and surprising advances in automated theorem solving.

Top Cyber Threats Targeting AI Systems and Infrastructure

🔒 AI systems face a growing range of attacks—from data poisoning and model poisoning during training to adversarial inputs, prompt injection, and model theft during deployment. These threats exploit weak data governance, supply chain dependencies, and inadequate monitoring. Security leaders should adopt proactive controls including provenance tracking, adversarial testing, rate limits, and routine red teaming. Frameworks like MITRE ATLAS can help map attacker techniques and prioritize defenses.

Automated Data Poisoning Proposed to Protect AI IP

🔒 Researchers propose a defensive data-poisoning tool called AURA to protect proprietary knowledge graphs that feed LLMs. The method injects plausible but false entries that authorized users can filter out with a secret key, while stolen graphs become unreliable for attackers. The authors report degrading unauthorized accuracy to 5.3% while preserving 100% fidelity for key-holders, with a maximum latency overhead of under 14%.

2026 Predictions: Autonomous AI and the Year of the Defender

🛡️ In 2026 Palo Alto Networks forecasts a shift to the Year of the Defender as enterprises counter AI-driven threats with AI-enabled defenses. The report outlines six predictions — identity deepfakes, autonomous agents as insider threats, data poisoning, executive legal exposure, accelerated quantum urgency, and the browser as an AI workspace. It urges autonomy with control, unified DSPM/AI-SPM platforms, and crypto agility to secure the AI economy.

Amazon Inspector: 150,000 npm Packages in Token Farming

🔍 Amazon Inspector researchers identified and reported over 150,000 npm packages tied to a coordinated tea.xyz token farming campaign that automatically generated and published packages to harvest blockchain rewards. The team combined rule-based detection with AI and worked directly with the Open Source Security Foundation (OpenSSF) to assign MAL-IDs and submit packages for removal. The campaign caused registry pollution and reveals a new reward-driven supply chain abuse vector that can obscure legitimate software and consume infrastructure resources.

IndonesianFoods Worm Floods npm with 100,000 Packages

🪲 A self-replicating campaign named IndonesianFoods is spamming the npm registry by creating new packages roughly every seven seconds, with Sonatype reporting more than 100,000 published components. The packages use random Indonesian names and food terms and currently contain no known data-stealing payloads, but researchers warn a future update could introduce malware. Some packages appear to exploit the TEA Protocol to inflate contribution scores and earn tokens, pointing to a financial motive. Developers are urged to lock dependencies, monitor unusual publishing patterns, and enforce strict signature validation.

Five Generative AI Security Threats and Defensive Steps

🔒 Microsoft summarizes the top generative AI security risks and mitigation strategies in a new e-book, highlighting threats such as prompt injection, data poisoning, jailbreaks, and adaptive evasion. The post underscores cloud vulnerabilities, large-scale data exposure, and unpredictable model behavior that create new attack surfaces. It recommends unified defenses—such as CNAPP approaches—and presents Microsoft Defender for Cloud as an example that combines posture management with runtime detection to protect AI workloads.

Quarter of UK and US Firms Hit by Data Poisoning Attacks

🛡️ New IO research reports that 26% of surveyed UK and US organisations have experienced data poisoning, and 37% observe employees using generative AI tools without permission. The third annual State of Information Security Report highlights rising concern around AI-generated phishing, misinformation, deepfakes and shadow AI. Despite the risks, most respondents say they feel prepared and are adopting acceptable use policies to curb unsanctioned tool use.